Privacy Policy

1. About This Policy

This Privacy Policy is published by InsureDirect LLC d/b/a AssureArc ("AssureArc," "we," "our," or "us"), a licensed independent insurance agency operating under the brand name AssureArc via InsureDirectOnline.com. InsureDirect LLC is the legal entity licensed to transact insurance business and is responsible for all privacy practices described herein.

This policy describes how we collect, use, share, protect, and retain personal information when you visit our website, request a quote, apply for insurance coverage, communicate with our agents, or use any of our digital or in-person services (collectively, "Services").

This policy is intended to comply with, and is informed by, the following laws and regulations:

• Gramm-Leach-Bliley Act (GLBA) / 15 U.S.C. § 6801 et seq. — Federal financial privacy law applicable to insurance agencies
• North Carolina Insurance Laws — NCGS Chapter 58 — Including the NC Consumer and Customer Information Privacy regulations (11 NCAC 12.0400)
• Telephone Consumer Protection Act (TCPA) — Governing consent for automated calls and text messages
• CAN-SPAM Act — Governing commercial email communications
• Electronic Signatures in Global and National Commerce Act (E-SIGN Act)
• California Consumer Privacy Act (CCPA) as amended by CPRA — For California residents
• Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (VCDPA), Texas Data Privacy and Security Act (TDPSA) — For residents of those states
• Children's Online Privacy Protection Act (COPPA)

By using our Services, you confirm that you have read and understood this policy. If you do not agree with any part of this policy, please discontinue use of our Services and contact us to delete your information.

2. Who We Are — Agency Disclosure

AssureArc is an independent insurance agency. We do not manufacture, underwrite, issue, or administer insurance policies. We act as an intermediary between consumers and licensed insurance carriers. When you purchase a policy through AssureArc, the policy is issued by, and your contract is with, the insurance carrier — not with InsureDirect LLC.

AssureArc receives compensation from insurance carriers in the form of commissions and/or fees for policies placed. This compensation does not increase your premium. A full Agent Compensation Disclosure is available upon request in accordance with North Carolina insurance regulations.

3. Information We Collect

We collect information necessary to match you with appropriate insurance coverage, process your application, service your account, and fulfill legal and regulatory obligations. We collect only what is reasonably necessary.

3a. Information You Provide Directly

• Full legal name, date of birth, gender
• Current and prior addresses
• Email address and phone number(s)
• Social Security Number or Individual Taxpayer Identification Number (for underwriting and identity verification, as required by carriers)
• Driver's license number, state of issuance, and driving history
• Vehicle information: year, make, model, VIN, garaging address, annual mileage, use type
• Property information: address, year built, construction type, square footage, security and safety features, ownership status
• Business information: entity name, EIN, industry classification, payroll, revenue, number of employees, prior claims
• Prior and current insurance carrier, policy limits, effective dates, and claims history
• Payment information: credit/debit card data or bank account details (processed by PCI-compliant third-party payment processors — we do not store raw card numbers)
• Credit information (obtained with your consent for underwriting where permitted by law)
• Health or medical history (only if you request life, disability, or health-related products)
• Communication preferences and marketing opt-in/opt-out status

3b. Information Collected Automatically

• IP address and approximate geographic location (city/state level)
• Device type, operating system, and browser version
• Pages visited, time on site, click paths, and referring URLs
• Search terms used within our site
• Session identifiers and interaction logs
• Cookie and tracking technology data (see Section 8)

3c. Information from Third Parties

• Motor Vehicle Records (MVRs) obtained with your consent through licensed vendors
• CLUE (Comprehensive Loss Underwriting Exchange) reports
• Credit-based insurance scores (where permitted by state law and with consent)
• Identity verification data from third-party verification services
• Insurance carrier systems for policy data after coverage is bound

3d. Sensitive Information — Special Handling

The following categories of information are treated with heightened protection and collected only when strictly necessary:

• Social Security Numbers
• Financial account details
• Health and medical information
• Credit scores and reports

We do not collect biometric identifiers (fingerprints, facial recognition data, voiceprints) unless explicitly disclosed in a separate consent form at the time of collection.

4. How We Use Your Information

We use your information for the following purposes, categorized by legal basis:

Contract Performance & Service Delivery

• Generate and present insurance quotes from multiple carriers
• Process insurance applications and bind coverage with carriers
• Manage policy renewals, endorsements, and cancellations
• Facilitate claims reporting and assist with the claims process
• Process premium payments and issue refunds
• Communicate policy updates, billing notices, and renewal reminders

Legal Obligation

• Comply with state insurance department regulations and NC DOI requirements
• Maintain records required by GLBA, state insurance laws, and tax regulations
• Respond to lawful government requests, subpoenas, or court orders
• Report suspected insurance fraud to appropriate authorities
• Deliver required regulatory disclosures (GLBA annual notice, state-required E&O disclosures)

Legitimate Business Interests

• Detect, investigate, and prevent fraud, identity theft, and unauthorized activity
• Improve our website, quote tools, and service quality
• Conduct internal analytics and business reporting
• Ensure technical security of our systems and network
• Train and supervise licensed agents

With Your Consent

• Send promotional emails, newsletters, and insurance tips (opt-in required)
• Contact you by SMS/text regarding quotes, renewals, or service updates (TCPA consent)
• Share information with additional carriers beyond your initial quote request
• Use testimonials or anonymized case studies in our marketing materials

5. How We Share Your Information

Insurance Carriers

When you request a quote or apply for coverage, your information is shared with the specific carriers you select, or those appropriate to your coverage needs. Carrier use of your information is governed by their own privacy policies and applicable law.

Service Providers (Data Processors)

We share limited information with vendors who perform services on our behalf under written contracts requiring them to protect your information and use it only as directed:

• Insurance rating engines and comparative rater platforms
• Customer Relationship Management (CRM) software providers
• Email marketing and communication platforms
• SMS communication providers (TCPA-compliant)
• Payment processors (PCI-DSS compliant)
• Website hosting and cloud infrastructure providers
• Analytics and website performance tools
• Document management and e-signature platforms
• Identity verification and fraud prevention services
• AI chat and customer support tools

Legal Disclosures

We may disclose your information when required or permitted by law: in response to subpoenas, court orders, regulatory investigations, or requests from the North Carolina Department of Insurance or other regulatory authorities; to prevent or detect fraud; or to protect our legal rights.

Business Transfers

If AssureArc or InsureDirect LLC is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. You will be notified via email or website notice if your information becomes subject to a materially different privacy policy.

With Your Explicit Consent

For any other sharing not described above, we will obtain your clear, affirmative consent before sharing.

6. Gramm-Leach-Bliley Act (GLBA) Annual Privacy Notice

As a licensed insurance agency, InsureDirect LLC is a "financial institution" subject to the Gramm-Leach-Bliley Act. We are required to deliver an annual privacy notice to all customers (defined as individuals with an ongoing insurance relationship with us).

What the GLBA Annual Notice Covers: The categories of nonpublic personal information (NPI) we collect; the categories of third parties to whom we disclose NPI; your right to opt out of certain disclosures; and our security practices.

Your Opt-Out Right: Under GLBA, you have the right to opt out of our sharing of your NPI with non-affiliated third parties for purposes other than those required to service your account or required by law. To exercise this right, contact us using the information in Section 15.

This Privacy Policy, together with any annual privacy notice we provide to customers, constitutes our complete GLBA privacy disclosure. Current customers will receive an annual notice by email or mail.

7. TCPA — Telephone & Text Message Communications

We comply fully with the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227. By providing your phone number and using our Services, you may opt into receiving telephone and SMS communications from AssureArc. We never send automated marketing messages without your express written consent.

Types of Communications

• Transactional/Service Messages (do not require opt-in): Quote confirmations, policy documents, payment receipts, renewal notices, claims updates, appointment reminders
• Marketing/Promotional Messages (require prior express written consent): Promotions, cross-sell offers, referral campaigns, newsletters

Opting Out of Text Messages

You may opt out of marketing SMS messages at any time by:

• Replying STOP to any text message from us
• Contacting us at privacy@insuredirectonline.com
• Calling (704) 810-2079 and requesting removal from our contact list

Opting out of marketing texts will not affect transactional messages required to service your insurance account. Message and data rates may apply from your carrier.

8. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies to operate our website, understand user behavior, and improve our Services.

You may control or delete cookies through your browser settings at any time. Disabling certain cookies may impact the functionality of quote tools and other features. We do not currently respond to browser-level "Do Not Track" signals, but honor all explicit opt-out requests submitted directly to us.

9. Data Security Practices

We maintain a comprehensive information security program designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. Our safeguards include:

Limitation: No method of transmission over the internet or electronic storage is 100% secure. While we use industry-standard practices, we cannot guarantee absolute security. If you believe your account or information has been compromised, please contact us immediately at (704) 810-2079.

10. Data Breach Notification Procedures

In the event of a security incident involving your personal information, InsureDirect LLC will:

• Contain and assess the incident promptly using our incident response plan
• Notify affected individuals within the timeframe required by applicable state law — North Carolina requires notification without unreasonable delay under NC Gen. Stat. § 75-65
• Notify the North Carolina Attorney General's office and other required regulatory bodies
• Notify the NC Department of Insurance if policyholder NPI is compromised, consistent with 11 NCAC 12
• Provide a description of the incident, the type of information affected, and steps we are taking
• Offer identity theft protection or credit monitoring services where appropriate and proportionate to the harm

Our GLBA-required Information Security Program includes a written incident response plan that is reviewed and tested annually.

11. Data Retention Policy

We retain your personal information only as long as necessary for the purposes it was collected, plus any additional period required by law. Minimum retention periods for insurance agency records are typically:

After the applicable retention period, records are securely destroyed using industry-standard methods (secure deletion for digital records; cross-cut shredding for physical records).

12. Your Privacy Rights

Depending on your state of residence, you have some or all of the following rights regarding your personal information. We honor all rights described below for all users, regardless of state residency, to the extent operationally and legally feasible.

State-Specific Rights

How to Submit a Privacy Request

To exercise any of the rights above, submit a written request to us. We will verify your identity before processing your request to protect against fraudulent access.

We will acknowledge receipt within 10 business days and respond fully within 45 days of receipt, or as otherwise required by applicable law. If additional time is needed, we will notify you.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We will require written authorization and may verify directly with you.

Appeals: If we deny your request, you have the right to appeal. Contact our Privacy Officer at the address above within 30 days of receiving our denial.

13. Children's Privacy (COPPA)

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. Insurance applications typically require the applicant to be at least 18 years old and legally competent to enter a contract.

If we learn that we have inadvertently collected personal information from a child under 18, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@insuredirectonline.com.

14. Electronic Communications Consent (E-SIGN Act)

By using our Services, you consent to receive legally required disclosures, notices, and documents in electronic form, including policy applications, policy documents, coverage confirmations, billing statements, and required regulatory notices. This consent is given pursuant to the Electronic Signatures in Global and National Commerce Act (E-SIGN Act), 15 U.S.C. § 7001 et seq.

Hardware/Software Requirements: To receive and retain electronic communications, you need a device with internet access, a current web browser, and a valid email address.

Withdrawing Consent: You may withdraw consent to electronic delivery at any time by contacting us. Withdrawal will not affect the validity of any prior electronic disclosures. If you withdraw consent, certain Services may require paper delivery, which may involve a fee.

15. North Carolina DOI — Regulatory Compliance & Complaints

InsureDirect LLC is licensed and regulated by the North Carolina Department of Insurance (NC DOI). Our privacy practices comply with North Carolina insurance regulations, including but not limited to:

• 11 NCAC 12.0400 — Privacy of Consumer Financial and Health Information
• NCGS § 58-39 — Insurance Information and Privacy Protection Act
• NCGS § 75-65 — Identity Theft Protection Act

If you have a privacy complaint that we have not resolved to your satisfaction, you have the right to file a complaint with:

Residents of other states may file complaints with their state's insurance department. Contact us for the appropriate regulatory contact in your state.

16. Third-Party Websites and Links

Our website may contain links to carrier websites, payment portals, and other third-party services. We do not control these sites and are not responsible for their privacy practices. Clicking a third-party link takes you away from InsureDirectOnline.com, and you should review the privacy policy of any external site you visit.

17. International Users

Our Services are intended for residents of the United States. We are licensed to sell insurance only in states where we hold valid licenses. If you access our Services from outside the United States, your information will be transmitted to and processed in the United States. By using our Services, you consent to this transfer. If you are a resident of the European Union, please note that we do not actively solicit EU residents and our Services are not designed for EU use.

18. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required by law or considered appropriate, notify you by email or a prominent notice on our website at least 30 days before the changes take effect.

Your continued use of our Services after the effective date of changes constitutes your acceptance of the updated policy. If you do not agree with any changes, you should discontinue using our Services and contact us to request deletion of your information.

19. Privacy Officer & Contact Information

InsureDirect LLC has designated a Privacy Officer responsible for overseeing compliance with this policy and applicable privacy laws. To reach our Privacy Officer, or to submit a privacy request, access request, correction request, deletion request, or complaint, please contact us:

We take all privacy inquiries seriously and will respond within the timeframes required by applicable law. For general support inquiries, you may also use our contact page at AssureArc Support.